STORM PROTECTION MECHANISM

The present invention relates to computer network devices and more 
particularly to bridges or such devices having bridge-like characteristics. 

It is customary in computer networks for every device to have a unique 
address associated with it. Usually networks are designed to allow a one-to-one 
communication between ports of the network to which the devices are attached, 
but it is often the case that one port wishes to broadcast the same message to all 
other ports within the network. While this is acceptable, one has to guard against
the possibility of a so-called storm of such broadcast data occurring, since this
would normally jam the buffer stores associated with each port and slow down the
whole network.

The present invention proposes that a switch or bridge monitors traffic
through it, and utilizes certain parameters of the statistics related to the traffic
through the bridge or switch in order to detect the onset of a storm condition and
takes action to control the level of such traffic within limits.

Preferably, each port has associated with it one bit which can be
controlled in order to prevent a storm of multicast/broadcast data being forwarded
to all the ports of the switch and jamming the system.

The switch or bridge can simply identify from previous receptions of 
requests for multicasts or broadcasts that it will become overloaded and thus 
refuse to handle any further request for multicasts or broadcasts until a suitable 
time. 

In order that the present invention be more readily understood, an
embodiment thereof will now be described by way of example only with reference
to the accompanying drawings in which:

Fig. 1 shows the form of a typical packet of information; and 

Fig. 2 shows diagrammatically a circuit layout of a switch or bridge for
explaining the present invention.

As indicated in Fig. 1, a typical packet 10 of information on an Ethernet
network consists of a block of information 11 indicating the destination address
of the packet of information, a source address 12 indicating the device from which
the information is derived, other control information 13, actual data 14 to be
transmitted, and finally a block 15 indicating any errors which have occurred.

Referring now to Figure 2, a switch or bridge 1 is represented as
comprising a number of ports 1...n, only two of which are shown. Data flow
through the ports is controlled by a management entity 2 and a control device 6,
which allows data transfer between ports. Each port includes a number of circuits
including a port logic circuit 3, a data memory 4 for data received by and
transmitted by the port and a statistics memory section 5 which stores details of
all packets generated by the device (not shown) connected to the port.

In addition to the above, it is also possible to sample data flowing
through the bridge or switch. A pseudo random generator 20 is provided which
generates a sampling pulse. This sampling pulse operates a gating circuit 22
which feeds information from the next complete packet of a stream of data on the
data bus of the network after the timing pulse through an analysis and formatting
circuit 23 into the additional memory 25 and then closes the gate at the end of that
packet until such time as the next timing pulse is generated by the pseudo random
timer.

Either the data from the memory section 5 or data derived from the
sampled data can be used for a number of purposes such as the storm protection
mechanism which will now be described.

Turning now to the present invention, it is assumed that the network
comprises one or more switches or bridges each having a number of ports as well
as a management entity for each switch or bridge. Each of the ports of a switch
is known to the management entity of the switch and each port has storage and
logic circuits.

In our proposed switch the control device contains a bit associated with
each port, which can be altered in response to instructions from the management
entity of the switch. The memory section 5 includes stores for logging all traffic
through the port including accurate statistics of all broadcast and/or multicast
messages created by the device attached to the port.

The management entity monitors traffic through all ports of the switch
or bridge and compiles statistics relating to the traffic. Included in the statistics
is the number of occasions multicast/broadcast data is being supplied. On the
basis of the statistics, from either the total or supplied data or both, the
management entity makes a decision as to whether to permit a further
multicast/broadcast data message to pass through the switch or bridge. If the
management entity determines that a storm would result from a further
multicast/broadcast data message, which would normally jam the memory related
with each port and also slow down the network, the management entity then
changes the bit associated with the port in the control device 10. The control
device, on seeing this bit set, will direct any subsequent multicast/broadcast
message to a non-existent port of the switch. In our system this is port 31.

It is considered that this system of diversion to a non-existent port is
superior to that of simply turning off a port which is attempting to transmit a
multicast/broadcast message or of electing all broadcast or multicast traffic input
through the port since the statistics relating to usage of the network are being
maintained in an accurate form and consequently the management entity can detect
when traffic on the network reduces to such a level that further
multicast/broadcast messages can be accommodated. At that point, the bit per port
can be changed back to permit multicast/broadcast messages.

This particular method permits unicast messages to be handled by the 
network as usual whether or not the storm protection mechanism is in operation. 
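
The diversion mechanism described above, modelled as an added example that is not part of the original patent text: a control device that forwards frames, a per-port bit, and a management entity that sets or clears the bit from per-port multicast/broadcast counts. The two thresholds, the interval-based review and all names are assumptions; only port 31 comes from the text.

```python
from collections import defaultdict

NULL_PORT = 31          # non-existent port named in the text
STORM_THRESHOLD = 100   # assumed: group frames per interval that signal a storm
RESUME_THRESHOLD = 20   # assumed: level at which the bit is changed back
def is_group_address(dst: bytes) -> bool:
    # Ethernet multicast/broadcast destinations have the low bit of octet 0 set
    return bool(dst[0] & 0x01)

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.divert_bit = {p: False for p in self.ports}  # one bit per port
        self.group_count = defaultdict(int)   # per-port statistics
        self.mac_table = {}                   # learned source address -> port

    def forward(self, in_port, dst, src):
        """Control device: return the egress ports for one frame."""
        self.mac_table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group_address(dst):
            self.group_count[in_port] += 1    # still counted while diverted
            return [NULL_PORT] if self.divert_bit[in_port] else others
        out = self.mac_table.get(dst)         # unicast ignores the bit
        return [out] if out is not None else others

    def management_tick(self):
        """Management entity: review the interval's statistics, update bits."""
        for p in self.ports:
            n = self.group_count[p]
            if n > STORM_THRESHOLD:
                self.divert_bit[p] = True
            elif n <= RESUME_THRESHOLD:
                self.divert_bit[p] = False
            self.group_count[p] = 0

def demo():
    sw = Switch([1, 2, 3])
    bcast = bytes.fromhex("ffffffffffff")
    host_a, host_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sw.forward(2, host_a, host_b)             # learn host_b on port 2
    before = sw.forward(1, bcast, host_a)
    for _ in range(150):                      # constructed burst from port 1
        sw.forward(1, bcast, host_a)
    sw.management_tick()
    during = sw.forward(1, bcast, host_a)
    unicast = sw.forward(1, host_b, host_a)
    sw.management_tick()                      # quiet interval: bit cleared
    return before, during, unicast, sw.forward(1, bcast, host_a)
```

Because diverted frames are still counted, the quiet interval is visible to the management entity, which is the advantage the text claims over turning the port off.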

CLAIMS:

1. A method for protecting a network from storms
whereby analysis is performed on the network traffic,
and devices found to be generating large quantities of
traffic are prevented from transmitting messages when
deemed likely to cause a storm.

2. The method of claim 1 wherein devices are
particularly prevented from transmitting multicasts or
broadcasts, when a storm is deemed likely.

3. The method of claims 1 or 2 wherein devices
which are found to be generating large numbers of
multicasts or broadcasts are prevented from transmitting
multicasts or broadcasts.

4. The method of any of claims 1 to 3, wherein
the analysis is performed on the basis of sampling
packets on the network at intervals to generate a
stabilised representation of traffic flow.

5. The method of claim 4 wherein the analysis of
the network traffic is carried out in real time.

6. The method of either of claims 4 or 5, wherein
the sampling is carried out at pseudo random intervals.

7. The method of any of claims 4 to 6, wherein
the analysis is performed on whole packets.

8. The method of any of claims 4 to 6, wherein
the analysis is performed on particular attributes of
the packets.

9. The method of any of claims 4 to 8, wherein
further analysis is carried out on the data sampled,
which cannot be carried out in real time.